12. Appendix A - Configuring BOOTP/DHCP and NFS

If you're wondering what on earth this BOOTP and DHCP stuff is, more information is available at the DHCP WWW site. NFS is documented separately in detail in the NFS HOWTO, and there's a DHCP mini-HOWTO too. I've tried to provide enough details here to help you get started, whilst not treating the topics in depth - let me know if you think this is overkill.

In the BOOTP/DHCP + NFS configuration we're discussing, the KickStart config file should be NFS mountable by the machine being installed from /kickstart/IPADDR-kickstart on the BOOTP/DHCP server, where IPADDR is the IP address of the new machine, e.g. /kickstart/198.168.254.254-kickstart for the machine 198.168.254.254.

You should be able to override this location by returning the bf parameter (boot file) in your BOOTP/DHCP response. It may even be possible to have this NFS mounted off another machine entirely.

To NFS export some directories from an existing Linux box, create the file /etc/exports with contents something like:

/kickstart *.swedish-chef.org(ro,no_root_squash)
/mnt/cdrom *.swedish-chef.org(ro,no_root_squash)

Note that if you didn't register the IP addresses you're going to be using in the DNS, you may be told to get lost by the NFS server and/or the RPC portmapper. In this you can probably get away with putting IP address/netmask pairs in the config files, e.g.

/kickstart 198.168.254.0/255.255.255.0(ro,no_root_squash)

and in /etc/hosts.allow:

ALL: 194.82.103.0/255.255.255.0: ALLOW

This is because most Linux distributions use TCP wrappers to do access control for some or all of the NFS related daemons. Be aware that the /etc/exports syntax tends to be different on other Unix variants - the NFS servers bundled with Linux distributions tend to offer a much wider range of options than the ones shipped with other versions of Unix.

Be aware that if you include a root password in your KickStart config file, or NFS export directories containing sensitive information, you should take care to expose this information to as few people as possible. This can be done by making the NFS export permissions as fine grained as you can, e.g. by specifying a particular host or subnet to export to rather than a whole domain. If you keep a special IP address free for KickStart installations, everything's nice and simple, but you'll have to change it later - or reconfigure the machine to get its IP address via BOOTP/DHCP.

Most NFS servers require you to tell mountd and nfsd (on some versions of Unix they're prefixed with a rpc.) that the /etc/exports file has changed - usually by sending a SIGHUP. There's often a program or script called exportfs, which will do this for you, e.g.

# exportfs -a

If you didn't have NFS up and running when this machine was booted, the directories may not be exported automatically. Try rebooting, or running the following programs as root:

# portmap
# rpc.nfsd
# rpc.mountd

As noted, on some systems the rpc. prefix isn't used. In most modern Unix distributions, these programs can be found in the /usr/sbin or /usr/libexec directories. These might not be in your path already, e.g. if you used su to become root. The portmap program is also sometimes called rpcbind, e.g. on Solaris, some versions of nfsd require a command line argument specifying the number of instances of the server to run, and you may find you also need to run another daemon called biod. The above should suffice on most (all?) Linux systems.

If you're using the CMU BOOTP server with DHCP and dynamic addressing extensions referred to earlier, a sample /etc/bootptab entry (/etc/bootptab is the normal location of the BOOTP/DHCP configuration file) would look something like this:

  .dynamic-1:ip=198.168.254.128:T254=0x30:T250="ds=198.168.254.2:
  dn=swedish-chef.org:sm=255.255.255.0:gw=198.168.254.1:
  dl=0xFFFFFFFF":

(wrapped for clarity)

This says to allocate IP addresses dynamically on encountering new machines, starting at 198.168.254.128 and continuing for the next 48 (the hexadecimal value 30) addresses. Each client will be passed back the value of T250. In this case that sets:

• the DNS server ds to 198.168.254.2
• the domain name dn to swedish-chef.org
• the subnet mask sm to 255.255.255.0
• the default gateway gw to 198.168.254.1
• the lease length dl (how long the address is valid for) to "forever"

There seem to be a number of other versions of this server kicking around which do not support dynamic addressing. For these, you would have to list the hardware (typically Ethernet MAC) address of each to-be-installed machine in /etc/bootptab, and the entries would look something like this:

bork.swedish-chef.org:ip=198.168.254.128:ha=0000E8188E56:
  ds=198.168.254.2:dn=swedish-chef.org:sm=255.255.255.0:
  gw=198.168.254.1:dl=0xFFFFFFFF":

(wrapped for clarity)

Note that the parameter ha corresponds to the hardware address of the machine being installed.